Monitor controls using GRC Performance Analytics Indicators

You can link Policy and Compliance Management content and items to Performance Analytics indicators, breakdowns and thresholds. You can associate Performance Analytics indicators with policy statements and controls to view scorecards and trends and analyze current conditions and trends.

The risks and controls associated with a PA indicator or PA indicator/breakdown/element automatically monitor any PA threshold with the same PA indicator or PA indicator, breakdown, or element relationship. Any PA threshold breach is reported at the risk or control and Performance Analytics indicators relationship level within a breach counter. See Performance Analytics.

PA threshold breach impact

When a risk or control and Performance Analytics indicators relationship breach counter is different than zero (for example, a PA threshold with the same PA indicator or PA indicator, breakdown, or element relationship has breached), and if no opened issue already exists, then an issue is created which is associated to the risk or control. Additionally for risks, the Indicator failure factor represents the number of risk and Performance Analytics indicators relationships with a breach counter different than zero.

Reset all PA Indicator breach counters

Reset breach counters associated to a risk or control by clicking Reset all PA Indicator breach counters or opening the specific relationship and clicking Reset Breach Counter.

GRC PA indicator breach reports

There are two reports for the reporting of breaches:
  • Risk PA Indicator Breaches
  • Control PA Indicator Breaches

Activate GRC: Performance Analytics Integration

The GRC: Performance Analytics Integration plugin provides an integration between Performance Analytics and the Risk Management and Policy and Compliance Management applications, providing more insight into organizational risk and compliance performance.

Before you begin

Role required: admin

About this task

This plugin includes demo data and activates related plugins if they are not already active.

Procedure

  1. Navigate to System Definition > Plugins.
  2. Find and click the plugin name.
  3. On the System Plugin form, review the plugin details and then click the Activate/Upgrade related link.

    If the plugin depends on other plugins, these plugins are listed along with their activation status.

    If the plugin has optional features that depend on other plugins, those plugins are listed under Some files will not be loaded because these plugins are inactive. The optional features are not installed until the listed plugins are installed (before or after the installation of the current plugin).

  4. (Optional) If available, select the Load demo data check box.

    Some plugins include demo data—Sample records that are designed to illustrate plugin features for common use cases. Loading demo data is a good practice when you first activate the plugin on a development or test instance.

    You can also load demo data after the plugin is activated by clicking the Load Demo Data Only related link on the System Plugin form.

  5. Click Activate.

What to do next

After activating the GRC: Performance Analytics Integration plugin on an instance with customized related lists on content (risk or policy statement) or items (risk or control), you may have to manually add the PA Indicator to content relationships and/or the PA indicator to item relationships.

Associate a PA indicator with a risk statement or policy statement

You can associate Performance Analytics indicators with risk statements and policy statements to analyze trends related to the risk or policy.

Before you begin

Role required: sn_risk.manager or sn_compliance.manager

Procedure

  1. Navigate to one of the following locations:
    • Policy and Compliance > Policies and Procedures > Policy Statements.
    • Risk > Risk Library > Risk Statements.
  2. Open a risk statement or policy statement.
  3. In the PA Indicators related list, click New.
  4. Fill in the fields on the form, as appropriate.
    Table 1. PA Indicators
    Field Description
    PA Indicator* The performance analytics indicator to associate the Risk Statement or Policy Statement with.
  5. Click Submit.
    On the risk statement or policy statement form, in the PA Indicators related list, you see the associated indicator. You can optionally click View Indicator on the desired indicator to see the indicator's Performance Analytics scorecard. The PA Indicator associations are carried over to all risks or controls associated to the original risk statement or policy statement. Additionally, if the indicator has a breakdown that matches the risk or control's profile (for example a Business Service breakdown), the Breakdown and Element fields for the relationship are automatically filled in.

Associate a PA indicator with risks and controls

You can associate Performance Analytics indicators with risks and controls to analyze trends related to the profile that risk or control belongs to.

Before you begin

Role required: sn_risk.manager or sn_compliance.manager

Procedure

  1. Navigate to one of the following locations:
    • Policy and Compliance > Controls > All Controls.
    • Risk > Risk Register > All Risks.
  2. Open a risk or control.
  3. In the PA Indicators related list, click New.
  4. Fill in the fields on the form, as appropriate.
    Table 2. PA Indicators
    Field Description
    PA Indicator* The performance analytics indicator to associate the Risk or Control with.
    Breakdown Select a breakdown to view a specific trend based on the breakdown element.
    Element Select the breakdown element to view a particular trend and scorecard.
    Note: This field is dependent on the Breakdown field is populated. When visible, it is mandatory.
  5. Click Submit.
    On the Risk or Control form, in the PA Indicators related list, you see the associated indicator. You can optionally click View Indicator on the desired indicator to see the indicator's Performance Analytics scorecard.

Update associated GRC indicators for a set of items

You can update all of the items belonging to a GRC content record so each item is individually related to the PA indicator.

Before you begin

Role required: sn_risk.manager or sn_compliance.manager

Procedure

  1. Navigate to one of the following locations:
    • Policy and Compliance > Policies and Procedures > Policy Statements.
    • Risk > Risk Library > Risk Statements.
  2. Open a Risk Statement or Policy Statement that has an associated Performance Analytics Indicator.
  3. Click the Update PA Relationships related link.
    All of the risks or controls related to the risk statement or policy statement are automatically associated with all of the risk statement or policy statement's indicators. Additionally, if the indicator has a breakdown that matches the risk or control's profile (for example a Business Service breakdown), the Breakdown and Element fields for the relationship are automatically filled in.